Re: gwcfd v3

[Louvian Lyndal <louvianlyndal@gmail.com>]

On Tue, Oct 22, 2024 at 5:30 AM Alviro Iskandar Setiawan wrote:
> On Tue, Oct 22, 2024 at 4:57 AM Louvian Lyndal wrote:
> > I even included a sample URL that anyone could access without login,
> > but apparently, that's just how they like it-wide open and welcoming
> > to all.
>
> Can you give me a sample or the dump file?

You can find a BTB here:
http://dzi6vje7g62egwengyit3p42qp5a7xvgtivgplphpgykbz5ahc2sxcad.onion/

> How far does the vulnerability give you access to their system?

At worst, it's just dumping the tickets, but then we can extract the
user info from the invoice.

And didn't I mention the XML endpoint. That's where the magic happens.
It's like a buffet for file listings, just sitting there, waiting to
be harvested. That's the crown jewel of the whole operation if you
want to dump everything.

It's absolutely baffling that this vulnerability even exists in the
first place. It's not just a slip-up; it's a glaring oversight that
shouldn't happen in any serious system. Leaving something like this
wide open is basically inviting trouble-it's not just careless, it's
downright irresponsible.